[Openid-specs-ab] Refresh token lifetime?
Mischa Salle
msalle at nikhef.nl
Tue Aug 27 12:22:51 UTC 2019
Hi all,
I was wondering if there is any standard (RFC or OpenID) for conveying
the lifetime or expiry time of a refresh token?
The access token response returns an expires_in for the
access token, following https://tools.ietf.org/html/rfc6749#section-4.2.2
but there seems to be no standard for returning an expiry time or
lifetime for the refresh token.
It would certainly be useful information for a client.
In case there is no standard yet, what would be the right thing to do?
I would suggest adding another access token response parameter, such as
rt_expires_in. Alternatively, it could be the expiry time, e.g.
refresh_token_exp or something like that.
Are there already parties doing something like this?
Mischa
--
Nikhef Room H155
Science Park 105 Tel. +31-20-592 5102
1098 XG Amsterdam Fax +31-20-592 5155
The Netherlands Email msalle at nikhef.nl
__ .. ... _._. .... ._ ... ._ ._.. ._.. .._..